> https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nothing-new/ > > This is more hoping to start discussions and thinking more than > believing this is the perfect solution (as it's a hack, though the > more I've thought about it the happier I've become with the hack).
Just a random idea: turn the protocol upside down When a client wants to refresh an RRset plus RRSIGs and finds that the size exceeds some limit, the client adds to the request an EDNS(0) option that contains the hash of the RRSIGs in some canonical way. (We can also hash the RRset plus the RRSIGs if we want to support unsigned zones as well). When the server finds that the hash of the RRSIGs matches its current RRSIGs for the RRset it replies with a NONEWDATA error. The only thing left to decide is how TTLs should be handled, in particular if the answer is not from an authoritative server. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
